DerbyConCTF Flag: HopeSolo

The 10.10.146.187 host also happened to contain a database (or more, dunno). That was an easy enough to figure out upon visiting the website:

Obviously (or maybe not), that meant it was time for some old-fashioned SQL injection.

I entered whatever as the username and ' or '1'='1 as the password:

That resulted in the flag HopeSolo which was worth 40 points.

While reviewing my screenshots to make this blog post, I came to the embarrassing realization that I SERIOUSLY overlooked one should-have-been-obvious flag and another that was buried in that index file. Proof that the once-reliable grep command has it’s limitations.